ISO/IEC 27001 is one of the core standards of information security management system (ISMS) family of standards. It provides ISMS requirements and is used for ISMS certification. It is being revised in the regular revision process of ISO standards and will be published in 2013. One of the characteristics of ISMS is including risk management as one of the core activities. Thus, this paper focuses on the ISMS requirements related to risk management, and shows the issues identified in the revision process, then proposes how to approach to the issues.
